Skip to main content

Stripe Live Validation Evidence Template

Use this template to record evidence artifacts from Stripe post-cloud validation. Fill out each section after completing the corresponding validation step.

Metadata

FieldValue
ProviderStripe
Validation date<!-- DATE-YYYY-MM-DD -->
Cloud endpoint<!-- CLOUD-ENDPOINT-URL -->
Stripe account typetest / live
Stripe account IDacct_<!-- ... -->
Stripe webhook endpoint IDwe_<!-- ... -->
Validator<!-- NAME -->
Platform version<!-- COMMIT-SHA or VERSION -->
Overall resultPASS / FAIL

Positive Test — Webhook Delivery

CheckResultEvidence ref
Event triggered via Stripe APIPASS / FAILstripe-post-cloud-YYYYMMDD/delivery-log.json
Event type matches triggered eventPASS / FAILstripe-post-cloud-YYYYMMDD/delivery-log.json
Delivery status = deliveredPASS / FAILstripe-post-cloud-YYYYMMDD/delivery-log.json
Timestamp within 60s of triggerPASS / FAILstripe-post-cloud-YYYYMMDD/delivery-log.json

Signature Validation

CheckResultEvidence ref
Stripe-Signature header presentPASS / FAILstripe-post-cloud-YYYYMMDD/validation-evidence.json
Platform signature verification = validPASS / FAILstripe-post-cloud-YYYYMMDD/validation-evidence.json
Manual re-verification matchesPASS / FAILstripe-post-cloud-YYYYMMDD/manual-verify-output.json
t= timestamp within skewPASS / FAILstripe-post-cloud-YYYYMMDD/validation-evidence.json

Negative Tests

TestExpectedActualEvidence ref
Invalid HMAC signature401 / 403<!-- STATUS -->stripe-post-cloud-YYYYMMDD/negative-invalid-sig.json
Missing Stripe-Signature header401<!-- STATUS -->stripe-post-cloud-YYYYMMDD/negative-missing-sig.json
Unknown event typegraceful handling<!-- RESULT -->stripe-post-cloud-YYYYMMDD/negative-unknown-event.json

Artifacts

  • stripe-post-cloud-YYYYMMDD/delivery-log.json
  • stripe-post-cloud-YYYYMMDD/validation-evidence.json
  • stripe-post-cloud-YYYYMMDD/manual-verify-output.json
  • stripe-post-cloud-YYYYMMDD/negative-invalid-sig.json
  • stripe-post-cloud-YYYYMMDD/negative-missing-sig.json
  • stripe-post-cloud-YYYYMMDD/negative-unknown-event.json
  • stripe-post-cloud-YYYYMMDD/README.md (summary)

Claim Guard Check

  • ❌ Does this evidence contain live credentials? YES / NO
  • ❌ Does this evidence claim "live validated" for all providers? YES / NO
  • ❌ Does this evidence claim "GA" or "public launch GO"? YES / NO
  • ❌ Does this evidence claim "Free is evaluation-only"? YES / NO

If any claim guard answer is YES, redact and retract before publication.